fix compilation error in JIT and potentially load nullptr

TianlongLiang · TianlongLiang · commit 5e0d3c90adee · 2025-05-15T19:44:51.000+08:00
diff --git a/core/iwasm/compilation/aot_emit_memory.c b/core/iwasm/compilation/aot_emit_memory.c
@@ -145,6 +145,7 @@ ffs(int n)
 static LLVMValueRef
 get_memory_curr_page_count(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx);
 
+#if WASM_ENABLE_SHARED_HEAP != 0
 uint32
 get_module_inst_extra_offset(AOTCompContext *comp_ctx);
 
@@ -192,8 +193,7 @@ get_module_inst_extra_offset(AOTCompContext *comp_ctx);
         BUILD_LOAD_PTR(field_p, data_type, res);                              \
     } while (0)
 
-/* Only update last used shared heap info(alloc ptr) in function ctx,
- * let runtime API update module inst shared heap info
+/* Update last used shared heap info(alloc ptr) in function ctx:
  * 1. shared_heap_start_off 2. shared_heap_end_off 3. shared_heap_base_addr_adj
  */
 bool
@@ -224,7 +224,6 @@ aot_check_shared_heap_chain(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
 
     /* Call function */
     param_values[0] = func_ctx->aot_inst;
-    /* TODO: all use alloca to optimize the func call to single basic block? */
     param_values[1] = start_offset;
     param_values[2] = bytes;
     /* pass alloc ptr */
@@ -299,26 +298,12 @@ aot_check_shared_heap_memory_overflow_common(
     else
         LLVMMoveBasicBlockAfter(block_maddr_phi, check_succ);
 
-    // BUILD_LOAD_PTR(func_ctx->shared_heap_start_off, offset_type,
-    //                shared_heap_start_off);
-    // BUILD_ICMP(LLVMIntUGE, start_offset, shared_heap_start_off,
-    //            is_in_shared_heap, "shared_heap_lb_cmp");
-    BUILD_ICMP(LLVMIntUGE, start_offset, func_ctx->shared_heap_head_start_off,
+    /* Use >= here for func_ctx->shared_heap_head_start_off =
+     * shared_heap_head->start - 1 and use UINT32_MAX/UINT64_MAX value to
+     * indicate invalid value. The shared heap chain oob will be detected in
+     * app_addr_in_shared_heap block or aot_check_shared_heap_chain function */
+    BUILD_ICMP(LLVMIntUGT, start_offset, func_ctx->shared_heap_head_start_off,
                is_in_shared_heap, "shared_heap_lb_cmp");
-    /* For bulk memory previously already check whether start_offset + bytes
-     * overflows, can safely omit the upper boundary check */
-    if (!bulk_memory) {
-        shared_heap_check_bound =
-            is_memory64
-                ? I64_CONST(UINT64_MAX - bytes_u32 + 1)
-                : (is_target_64bit ? I64_CONST(UINT32_MAX - bytes_u32 + 1)
-                                   : I32_CONST(UINT32_MAX - bytes_u32 + 1));
-        CHECK_LLVM_CONST(shared_heap_check_bound);
-        BUILD_ICMP(LLVMIntULE, start_offset, shared_heap_check_bound, cmp,
-                   "shared_heap_ub_cmp");
-        BUILD_OP(And, is_in_shared_heap, cmp, is_in_shared_heap,
-                 "is_in_shared_heap");
-    }
     BUILD_COND_BR(is_in_shared_heap, app_addr_in_shared_heap_chain,
                   app_addr_in_linear_mem);
 
@@ -435,6 +420,7 @@ aot_check_bulk_memory_shared_heap_memory_overflow(
         start_offset, max_addr, NULL, bytes, 0, is_memory64, is_target_64bit,
         true, false);
 }
+#endif
 
 LLVMValueRef
 aot_check_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
@@ -443,10 +429,10 @@ aot_check_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
 {
     LLVMValueRef offset_const =
         MEMORY64_COND_VALUE(I64_CONST(offset), I32_CONST(offset));
-    LLVMValueRef addr, maddr, maddr_phi = NULL, offset1, cmp1, cmp;
+    LLVMValueRef addr, maddr, offset1, cmp1, cmp;
     LLVMValueRef mem_base_addr, mem_check_bound;
     LLVMBasicBlockRef block_curr = LLVMGetInsertBlock(comp_ctx->builder);
-    LLVMBasicBlockRef check_succ, block_maddr_phi = NULL;
+    LLVMBasicBlockRef check_succ;
     AOTValue *aot_value_top;
     uint32 local_idx_of_aot_value = 0;
     uint64 const_value;
@@ -461,6 +447,10 @@ aot_check_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
 #else
     bool is_memory64 = IS_MEMORY64;
 #endif
+#if WASM_ENABLE_SHARED_HEAP != 0
+    LLVMValueRef maddr_phi = NULL;
+    LLVMBasicBlockRef block_maddr_phi = NULL;
+#endif
 
     is_target_64bit = (comp_ctx->pointer_size == sizeof(uint64)) ? true : false;
 
@@ -626,6 +616,7 @@ aot_check_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
         block_curr = check_integer_overflow_end;
     }
 
+#if WASM_ENABLE_SHARED_HEAP != 0
     if (comp_ctx->enable_shared_heap /* TODO: && mem_idx == 0 */) {
         ADD_BASIC_BLOCK(block_maddr_phi, "maddr_phi");
         SET_BUILD_POS(block_maddr_phi);
@@ -645,6 +636,7 @@ aot_check_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
             goto fail;
         }
     }
+#endif
 
     if (comp_ctx->enable_bound_check
         && !(is_local_of_aot_value
@@ -723,6 +715,7 @@ aot_check_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
         }
     }
 
+#if WASM_ENABLE_SHARED_HEAP != 0
     if (comp_ctx->enable_shared_heap /* TODO: && mem_idx == 0 */) {
         block_curr = LLVMGetInsertBlock(comp_ctx->builder);
         LLVMAddIncoming(maddr_phi, &maddr, &block_curr, 1);
@@ -734,6 +727,7 @@ aot_check_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
         return maddr_phi;
     }
     else
+#endif
         return maddr;
 fail:
     return NULL;
@@ -1356,16 +1350,20 @@ check_bulk_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
                            LLVMValueRef offset, LLVMValueRef bytes)
 {
     LLVMValueRef maddr, max_addr, cmp, cmp1;
-    LLVMValueRef mem_base_addr, maddr_phi = NULL;
+    LLVMValueRef mem_base_addr;
     LLVMBasicBlockRef block_curr = LLVMGetInsertBlock(comp_ctx->builder);
-    LLVMBasicBlockRef check_succ, block_maddr_phi = NULL;
+    LLVMBasicBlockRef check_succ;
     LLVMValueRef mem_size;
     bool is_target_64bit;
 #if WASM_ENABLE_MEMORY64 == 0
     bool is_memory64 = false;
 #else
     bool is_memory64 = IS_MEMORY64;
 #endif
+#if WASM_ENABLE_SHARED_HEAP != 0
+    LLVMValueRef maddr_phi = NULL;
+    LLVMBasicBlockRef block_maddr_phi = NULL;
+#endif
 
     is_target_64bit = (comp_ctx->pointer_size == sizeof(uint64)) ? true : false;
 
@@ -1466,6 +1464,7 @@ check_bulk_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
         block_curr = check_integer_overflow_end;
     }
 
+#if WASM_ENABLE_SHARED_HEAP != 0
     if (comp_ctx->enable_shared_heap /* TODO: && mem_idx == 0 */) {
         ADD_BASIC_BLOCK(block_maddr_phi, "maddr_phi");
         SET_BUILD_POS(block_maddr_phi);
@@ -1483,6 +1482,7 @@ check_bulk_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
             goto fail;
         }
     }
+#endif
 
     /* mem_size is always 64-bit, extend max_addr on 32 bits platform */
     if (!is_target_64bit
@@ -1506,6 +1506,7 @@ check_bulk_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
         goto fail;
     }
 
+#if WASM_ENABLE_SHARED_HEAP != 0
     if (comp_ctx->enable_shared_heap /* TODO: && mem_idx == 0 */) {
         block_curr = LLVMGetInsertBlock(comp_ctx->builder);
         LLVMAddIncoming(maddr_phi, &maddr, &block_curr, 1);
@@ -1517,6 +1518,7 @@ check_bulk_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
         return maddr_phi;
     }
     else
+#endif
         return maddr;
 fail:
     return NULL;
diff --git a/core/iwasm/compilation/aot_llvm.c b/core/iwasm/compilation/aot_llvm.c
@@ -1518,6 +1518,14 @@ create_memory_info(const AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
     return true;
 }
 
+#define BUILD_IS_NOT_NULL(value, res, name)                                \
+    do {                                                                   \
+        if (!(res = LLVMBuildIsNotNull(comp_ctx->builder, value, name))) { \
+            aot_set_last_error("llvm build is not null failed.");          \
+            goto fail;                                                     \
+        }                                                                  \
+    } while (0)
+
 #define LOAD_MODULE_EXTRA_FIELD_AND_ALLOCA(field, type)                        \
     do {                                                                       \
         get_module_extra_field_offset(field);                                  \
@@ -1548,8 +1556,10 @@ create_memory_info(const AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
 static bool
 create_shared_heap_info(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx)
 {
+#if WASM_ENABLE_SHARED_HEAP != 0
     LLVMValueRef offset, field_p, load_val, shared_heap_head_p,
-        shared_heap_head;
+        shared_heap_head, cmp, field_p_or_default, shared_heap_head_start_off,
+        shared_heap_head_start_off_minus_one;
     LLVMTypeRef shared_heap_offset_type;
     uint32 offset_u32;
 #if WASM_ENABLE_MEMORY64 == 0
@@ -1587,6 +1597,7 @@ create_shared_heap_info(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx)
         aot_set_last_error("llvm build load failed");
         goto fail;
     }
+    BUILD_IS_NOT_NULL(shared_heap_head, cmp, "has_shared_heap");
 
     if (is_memory64) {
         offset_u32 = offsetof(WASMSharedHeap, start_off_mem64);
@@ -1602,16 +1613,43 @@ create_shared_heap_info(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx)
         aot_set_last_error("llvm build inbounds gep failed");
         goto fail;
     }
-    if (!(func_ctx->shared_heap_head_start_off =
-              LLVMBuildLoad2(comp_ctx->builder, shared_heap_offset_type,
-                             field_p, "shared_heap_head_start_off"))) {
+
+    /* Select shared heap head ptr or safe alloca
+     * shared_heap_start_off(UINT32_MAX/UINT64_MAX) based on the condition */
+    if (!(field_p_or_default = LLVMBuildSelect(comp_ctx->builder, cmp, field_p,
+                                               func_ctx->shared_heap_start_off,
+                                               "ptr_or_default"))) {
+        aot_set_last_error("llvm build select failed");
+        goto fail;
+    }
+
+    if (!(shared_heap_head_start_off = LLVMBuildLoad2(
+              comp_ctx->builder, shared_heap_offset_type, field_p_or_default,
+              "shared_heap_head_start_off"))) {
+        aot_set_last_error("llvm build load failed");
+        goto fail;
+    }
+    if (!(shared_heap_head_start_off_minus_one = LLVMBuildAdd(
+              comp_ctx->builder, shared_heap_head_start_off,
+              comp_ctx->pointer_size == sizeof(uint64) ? I64_NEG_ONE
+                                                       : I32_NEG_ONE,
+              "head_start_off_minus_one"))) {
         aot_set_last_error("llvm build load failed");
         goto fail;
     }
 
+    if (!(func_ctx->shared_heap_head_start_off = LLVMBuildSelect(
+              comp_ctx->builder, cmp, shared_heap_head_start_off_minus_one,
+              shared_heap_head_start_off, "head_start_off"))) {
+        aot_set_last_error("llvm build select failed");
+        goto fail;
+    }
     return true;
 fail:
     return false;
+#else
+    return true;
+#endif
 }
 
 static bool
@@ -2466,7 +2504,7 @@ jit_stack_size_callback(void *user_data, const char *name, size_t namelen,
     stack_consumption_to_call_wrapped_func =
         musttail ? 0
                  : aot_estimate_stack_usage_for_function_call(
-                       comp_ctx, func_ctx->aot_func->func_type);
+                     comp_ctx, func_ctx->aot_func->func_type);
     LOG_VERBOSE("func %.*s stack %u + %zu + %u", (int)namelen, name,
                 stack_consumption_to_call_wrapped_func, stack_size, call_size);
 
